Samsung Galaxy S3 Face Unlock Tricked By Photograph 174
AlistairCharlton writes with a story about an Android Face unlock security system that could use some tweaking. "Android's Face Unlock security on the Samsung Galaxy S3 can be tricked into unlocking the phone by showing it a photograph of the owner. In a test carried out by IBTimes UK, we found that the Galaxy S3 cannot distinguish between a photograph and a real person, leading us to suggest users should select a more secure way of locking the phone, such as with a PIN or password."
Last I checked.... (Score:5, Informative)
Last I checked on my Samsung Galaxy SII (with ICS 4.0.3), the "Face Unlock" feature was aptly labeled as "Low Security, Experimental".
The only item marked as "High Security" is the password option.
I don't have an S3, but from what I've read the UI/OS version is pretty close at the moment (4.0.3 vs. 4.0.4). And I do believe, correct me if I'm wrong, that "Face Unlock" is still labeled the same.
Re:Not Intended to be Industrial Grade (Score:5, Informative)
Face unlock is not intended to be industrial grade security. By its nature it has to be tolerant to unlocks (it would suck if you couldn't unlock your phone after a haircut or beard trim, for example). It's intended to prevent casual perusal by someone who finds the phone sitting around. They've added some little things like requiring some movement in the face (eg, blinking), so it's mildly surprising that a static photo can trick it. But it's not especially worrying either - again, it's meant to be one step above slide to unlock.
It's almost like stating that the standard "slide to unlock" is insecure because anyone can slide that button! The statement is true, but it misses the point.
Also, a quote from Samsung taken directly FTFA:
Further this is a standard feature of ICS, and nothing to do with Samsung. Its on all the HTC phones that ship with a front facing camera and ICS installed.
Want to blame someone, blame Google for adding this silly feature to Android.